About

Hello! We are the Tower of Hanoi (also known as Hanoiati), the Politecnico di
Milano CTF team.
We are a group of B.Sc, M.Sc, and Ph.D. students interested in information
security. We love to play CTF and sometimes to organize them too (check out the
PoliCTF!).
We’re also part of mHACKeroni: the union of
5 Italian CTF teams who joined their forces to qualify and participate to
the DEF CON CTF Finals.

We usually meet weekly in the NECSTLab, a research
laboratory of the Politecnico di Milano that deals mainly with computer
security and computer architectures.
During our meetings, we either review together the past CTF challenges or
discuss interesting information security topics.

Cool, but… what is a CTF?

CTFs (Capture The Flag) are information security competitions, aimed at
teaching how to find, exploit and patch security vulnerabilities and, in turn,
how to avoid vulnerabilities when writing software.

Some CTFs are organized as attack-defense competitions: different teams
receive a virtual machine image with some vulnerable (network) services; each
team has to find the vulnerabilities, patch them in its own image to defend
themselves from the attacks of other teams, and exploit the vulnerabilities
attacking other teams to gain tokens (i.e., flags) needed to score game points.

In jeopardy-style ones (the majority of online CTFs!), instead, teams are
presented with a set of specific challenges in a range of categories, touching
aspects such as vulnerability exploitation, reverse engineering, cryptography
and others.

A bit of history

The team “Tower of Hanoi” traces its root back to 2004: the University of
California, Santa Barbara organized in December 2004 a CTF (the iCTF)
open to university students all over the world.
Politecnico di Milano was invited and joined with the team “The Tower of Hanoi”.
Our team won the first and second (June 2005) edition of the contest;
Tower of Hanoi has been playing iCTF every year since then.

In 2010, Tower of Hanoi grows up, becoming a full-fledged CTF team:
we start competing also to other of the main online jeopardy and attack-defense CTFs,
such as the DEF CON Qualifiers, PlaidCTF, CSAW, RuCTFe, and many others.

In the meantime, we also created our own CTF: in 2012, we
go online with the first edition of the PoliCTF.
The experiment was successful, and we repeated it in 2015
and 2017.

In 2018, we joined other academic and non-academic Italian teams to get serious
into qualifying to the DEF CON CTF (i.e., the most important CTF!). We create
the “mega-team” mHACKeroni, obtaining the second place
to the DEF CON 2018 Qualifiers and the seventh place to the finals in Vegas.

Contacts

If you are interested, feel free to drop us a line! Our email address is
toh@necst.it, or you can find us on Twitter
@towerofhanoi.

If you are a student interested into a thesis or a project in the field of
information security (or you just want to learn more about the academic
research activities of our lab), check out the NECST Laboratory
website.